It wasn't sustainable, and I had a few near-breaking points. I don't want that for this year (on multiple levels) so I've been intentional about the first steps of 2026 to bring a new tact and perspective to the way I internally operate.

Gratitude

Before I dive in, I wanted to extend my gratitude to Kelly Vaughn with the Modern Leader for creating and sharing the reset challenge. Provided as a series of bite-sized prompts over the first 3 weeks of the year, it helped me in examining the patterns that I was exhibiting and what ingrained habits I have that perpetuate this situation. There's a lot of leadership-branded stuff in the market that's laden with the bullshit or heavy on a singular viewpoint, but the reset challenge was approachable and kept space for individuality.

1. Where I was

 I was operating as a high-capacity, high-responsiveness PM, constantly taking on more work than planned in the name of being useful, adaptable, and dependable—especially during organizational instability.

In practice, this meant:

• Letting “urgent” inputs bypass my planned work
• Regularly pushing aside my own priorities to do things that felt fast or helpful
• Carrying work “temporarily” that never actually moved off my plate

On paper, things kept moving. Internally, my focus, momentum, and mental health steadily eroded.

2. The pattern I identified

Over-pressuring myself to do more and different things—by default, not by choice.

This pattern shows up as:

• New emails, messages, and asks jumping the queue over my todo list
• Convincing myself something will “only take an hour” and doing it immediately
• Defaulting to me as the solution instead of finding the right owner

The result wasn’t flexibility—it was constant self-interruption.

3. Why it matters

When this pattern runs unchecked, it quietly costs me:

• Mental health and emotional stability
• Momentum on meaningful, multi-week work
• A sense of accomplishment at the end of the day

Most dangerously, it trains my brain to prioritize urgency over importance, which is the opposite of what good PM leadership requires—especially at senior levels.

4. The experiment I’m running

 This is a time-bound learning experiment, not a permanent rule.

Experiment:

• For 2–3 working days, I will not accept “day-of” work
• Every incoming ask gets written down, not acted on
• One week later, I will review:
  • What truly mattered
  • What no one noticed
  • What only felt urgent in the moment

Supporting constraints:

• Everything I work on must go through my todo list—even exceptions
• If I choose to diverge, it’s explicit and visible

This adds just enough friction to interrupt autopilot without breaking my job.

5. What success looks like

Success is not “perfect focus” or “zero distractions.”

Early signals this is working:

• I end more days feeling done, not depleted
• I feel prepared for the things that matter—or calm about what doesn’t
• Weekly reviews of my 1–3 month goals trigger less anxiety and more clarity
• Decisions feel lighter because fewer things are competing for attention

These are signals, not metrics. If they show up, I’m on the right path.

6. What I’m not trying to change right now

This reset is intentionally narrow.

I am not trying to:

• Become less helpful or less responsive overall
• Fix organizational instability or external chaos
• Eliminate distractions entirely
• Prove anything about my worth or capability
• Operate at 100% focus every day

I am trying to: Turn the volume down on a harmful default—by about 20–30%—and reclaim enough cognitive space to do the work that actually matters.

🥂 Cheers to 2026.

Yes, I know OneDrive apps offer a pinned/favorite option for files - but they’re separated by app. I usually have Word docs, PowerPoint files, etc all mixed together and this has been the best solution for that challenge.

Overall setup

You designate a local folder, like ~/Documents/CoreDocuments, to be your go-to directory for the files you need frequently. I like to keep this folder pinned to the dock in folder display mode for 1-second access, but you can also make it easy to get to by dragging it into the Favorites in Finder.

From here, we’ll be placing Aliases in the folder to the files we use frequently. You can manually create these for each file by selecting “Make Alias” from the context menu and then dragging the newly created alias into the your CoreDocuments directory (or whatever you’re calling it). This is still a win in terms of having better access to files, but since the destination will always be the same - it seems silly to always have a 2nd step.

Enter Shortcuts, Applescript, and the Quick Actions menu.

Leveraging Shortcuts

Open the Shortcuts app on your computer - a powerhouse of a utility for creating automations. This is the 2-step shortcut we’re going to create:

1. Start a new shortcut and using the info icon on the right, select “Use as Quick Action” and “Finder”.

2. In the 1st step of the shortcut, change the “Receive” option to select only Files

3. Using the cascading squares icon on the right, find “Run AppleScript” and double-click to bring it onto the canvas.

4. Click on the “Run AppleScript” step where “Shortcut Input” is linked and change the type dropdown to File.

5. In the body of the AppleScript step, paste in the AppleScript snippet provided below. Modify the 2nd line to match the path to the folder you created to store your aliases in.

6. Click on the header of the window to rename the shortcut and optionally change the icon up.

That’s it. Close the window, and get ready to test it (details below the AppleScript).

the AppleScript

on run {input, parameters}
    set destPath to "/Users/drewsk/Documents/CoreDocuments"
    set destFolderAlias to POSIX file destPath

    tell application "Finder"
        set destFolder to folder destFolderAlias

        repeat with anItem in input
            make new alias file at destFolder to anItem
        end repeat
    end tell

    return input
end run

The shortcut in action

Using the context menu on any file (or selecting multiple), under the “Quick Actions” branch your shortcut will now appear. Selecting it makes an alias immediately in your designated folder, making it much easier to get back to this file multiple times in the future.

Helpful links

It took just a bit for me to get this working how I wanted, and this article was helpful in working with the raw AppleScript before moving into Shortcuts:

https://www.codegenes.net/blog/how-do-i-create-a-macintosh-finder-alias-from-the-command-line/

What is a Stream Deck?

A pricy piece of kit for your desk that adds a bunch of extra buttons off of your keyboard with explicit uses - you decide what they do. The smallest (Neo) Stream Deck still runs about $100 but you can also find Stream Decks of multiple generations pre-loved from places like eBay.

https://www.elgato.com/stream-deck

The Stream Deck is clutch for anything you do on your computer that takes multiple clicks to get done or requires precise motions.

Microsoft Teams integration

I use Microsoft Teams a lot (too much!) at work (PM at Microsoft, disclosure reminder) - over half my day gets consumed by meetings if I’m not careful. The Stream Deck plugin for Microsoft Teams (https://marketplace.elgato.com/product/microsoft-teams-da5e2bbc-197c-4afe-8a85-a9941bf52697) was the first plugin I installed when setting up the deck and it was way easier than I expected.

The key step in my environment was to enable integrations (APIs) under the Privacy tab in the Teams settings (cmd + comma, thankfully). As long as you’ve toggled on the “enable API” option under “Third-party app API” for Teams, then your Stream Deck can quickly control your in-call options.

Is it worth it?

To be honest, for the volume of calls I’m on, the Stream Deck has been worth it for just the Teams integration alone. That doesn’t say great things about the Microsoft Teams interface (gosh did I just raise my hand when trying to thumbs up again?) but to be fair there’s some paradigm complications when you need to layer the call window in with all the other interfaces on the machine. I really don’t like the small pop-up window that appears when the call window isn’t visible for a moment and prefer the tactility of the external buttons.

There’s 2 frequent entry points I use to go into the terminal - either from general file explorer (Finder) or from the file explorer in VS Code. In VS Code, there’s a context menu item that makes it a easier and in Finder I have a quick customization that saves me a bunch of time. If you ever use the terminal you may want to know about these 2 options:

From VS Code

I appreciate how the terminal is integrated with VS Code from the ability to quickly get it open with a common keystroke (ctrl+`) to the extensibility points. Its just pretty rare that I’m not working in VS Code and using the terminal for some very repeatable interaction (git, build, etc). Even more esoteric things, like duplicating a file in a different folder or managing multiple projects in a single VS Code workspace, lead me to the terminal. This is probably why I constantly point out the “Open in Integrated Terminal” context menu item in VS Code.

This could be a nested folder or just a long folder name you can’t remember the first couple letters of, but right-clicking on a folder in VS Code’s file explorer gives you an “open in integrated terminal” option towards the top. Selecting this gives you a new terminal where it starts from that location.

The VS Code menu item may not save as much time per use as the next option, but since I use it so much I wanted to mention it.

From Finder

There’s 2 things I usually want to do from a folder nested someone on my machine - that’s open it in a terminal or open it in an IDE (usually VS Code). Open in Terminal is an app for macOS that extends the Finder toolbar to simply do 1 or more actions. It’s not ideal that I have to install an app to do something somewhat fundamental for system navigation, but the general simplicity of the Finder interface is preferred over having an extra 10 options I don’t use just to get these 2 out of the box.

Because I lean towards the streamlined interface, I use OpenInTerminal-Lite with shortcuts for opening in the terminal and in VS Code placed in the toolbar. The apps that it opens, like which terminal (Terminal, iTerm2) or which editor (VS Code, IntelliJ, Cursor) are customizable by you with a quick command or during first launch setup. Check it out - all of it, since its open source - at https://github.com/Ji4n1ng/OpenInTerminal.

You can set it up to open whichever apps you prefer, just about. As long as the app supports the open command with the file/folder following, you’re likely to have success going beyond the impressive initial list of apps supported.

Not using the terminal much?

Even if you’re not at home in the terminal, the OpenInTerminal utility for Finder will help you out in opening the editor. The terminal isn’t the end-all-be-all of using your computer, but if you do development or IT administration, chances are that it can make you more effective over time. That said - the terminal is something you pretty much only learn with practice and then continued discovery. Better get in there.

Google “search results” ads purchased by malicious actors point to the legitimate websites of big name companies, but with use of those websites’ content handling techniques (query strings) to add additional content to the page. You land on the real website, but the search bar is filled with “CALL NOW FOR HELP 1-800-123-4567”

The summary is a bit sensationalized, since “hijack” makes it sound like the malicious actors have complete control of the car. This is more akin to if they’ve just slapped a bumper sticker on it with their information before walking away. Dangerous and bad, still yes.

Technically, the buck stops at the website of the company to protect itself from being used in harmful ways against its users. Savvy users will likely pick up on these being scams, but even smart people have urgent moments where they’re drawn in by the very scam techniques they’ve learned to notice. Do you lock your search results pages down to internal referrers? Do you block google.com search results from your search results pages?

Query strings are really convenient ways to pass small amounts of information between pages. The question mark + q + equals sign is synonymous with looking for something on a website. Will this campaign through Google ads serve as a driver to move web technology off of query strings? I’ll be honest, adding cookies in GET requests or switching to multi-request sequences are both non-optimal solutions. I’m glad someone smarter than me can sort it out.

Speaking of Google ads… they’re complicit here too. Can Google avoid serving these ads? Sure, with a similar amount of technical difficulty as the websites detecting fraudulent use but they’re not using industry standard tech. Google is cultivating the breeding ground for implicit trust in their quest for monetization of the search results. The betrayal in the search results is that the ads continue to become disguised as organic search results. How far down the page do I need to scroll before I can start trusting the links and page summaries?

Malware bytes takes the time to mention their browser extension that can detect scams on websites, but frankly - they could offer detection services (for a cost) to Google before they further erode trust in the ads in their search results.

More on this from Ars: https://arstechnica.com/security/2025/06/tech-support-scammers-inject-malicious-phone-numbers-into-big-name-websites/

I digress. Noticing those page margins, the legacy norms, in your established product is especially important when you’re looking to bring new life into it with an evolution or revolution. I might be the only person that will complain about page margins, but I’ll bet if we looked more closely at how we could present content in word processors without the default margins we might come up with a whole new way to interact with digital documents.

How do you pick up on your legacy norms? I start by naming the assumptions. This can be difficult to do thoroughly sometimes because there just aren’t APIs for all the things that are assumed. Why on earth would I build a property in to set Think about all those videos of parents having their kids tell them how to make a peanut butter sandwich while they smear peanut butter on their hand and then smash the bread because the directions coming from the kid just have things assumed baked into them. We are all those kids, and we have to look at our products like the parents to notice the legacy norms in the form of assumptions.

Watching new users experience your product can be a way to unearth the legacy norms by observing their points of friction, but there’s often poison in the well. If your product was originally designed to be consistent with other pieces of an ecosystem, that benefit also reinforces the legacy norms. To some people, a floppy disk is a 1MB portable storage device; to others, it’s the save icon and nothing more.

Why do we even care about the legacy norms? Well, like I mentioned with how new users experience your product, the legacy norms might be sources of friction on a scale of speed bump to completely blocked. Even for a functionally perfect product, the legacy norms could be opportunities for enhancement. Legacy isn’t meant to have a negative connotation here, standing the test of time shouldn’t be taken for granted. However, there’s a fine line between surviving and continued success.

Post-edit: pageless mode in Google Docs

I’d be remiss to not come back when I got a good chuckle from a dialog introducing me to pageless mode in Google Docs. No matter how normalized a standard becomes, it is still up for evolution.

Public betas are released by Apple later in the summer and still keep you ahead of the (super uncool) general population. For anything that needs a plausible level of stability, the public betas are really where you want to be considering experimenting. Anything sooner is asking for trouble. You might be ok. Or you might have to completely reimage your system.

In case you enjoy flowcharts, I tried to break down whether you should be installing macOS developer betas - especially the first couple releases:

flowchart TD
        A(["You're on the current OS"])
        A --> B{"Are you a developer?"}
        B --> C["No"]
        B --> D["Yes, I build things"]
        B --> E["Yes, I build things for that platform"]
        C --> F(["Stay on the current OS"])
        D --> F
        E --> G(["Test your app on the developer beta"])
        F --> H["I really don't want to"]
        H --> I(["At least take a backup first"])

If you got into trouble

If you tried out the developer beta for macOS and it has not gone well, there’s a few helpful links:

• Here’s how to reinstall macOS - https://support.apple.com/en-us/102655

• Hopefully you took a backup - https://support.apple.com/en-us/102307

• And are ready to reimage from macOS recovery - https://support.apple.com/en-us/102518

Similar processes are available for iPadOS and iOS, although they can be more tricky in the age of MFA tokens.

Snark and cynicism aside

Beta software is fun, and that excitement is why half of us got into building things with computers in the first place. I don’t use my iPad all the time, so I’m going to grab the developer beta there, but I have to remember that I’ve ended up reverting about every other year until the public beta.

This weekend I’m going to backup my personal laptop and give the macOS 26 developer beta a spin because I can’t wait to give the containerization package a try.

Deploy the Same DACPAC to Multiple Platforms with /p:AllowIncompatiblePlatform=true

When building your database project, the generated DACPAC is targeted for a specific SQL platform (eg SQL Server 2019). If you try to deploy that DACPAC to a different type of SQL server (eg Azure SQL Database), you'll likely hit a platform mismatch error when the deployment starts. To override this platform match check, you can use the /p:AllowIncompatiblePlatform=true option with SqlPackage or your deployment tasks. This tells the deployment tools to skip platform validation and proceed with the deployment and assumes everything in the DACPAC is compatible with wherever it is being deployed to.

In Azure DevOps, if you're using the SqlAzureDacpacDeployment task, you add this extra property to the AdditionalArguments field:

- task: SqlAzureDacpacDeployment@1
  inputs:
    ...
    AdditionalArguments: '/p:AllowIncompatiblePlatform=true'

You can also manually call SqlPackage in a script step if needed — which gives you full control, especially if you're deploying to a SQL Server VM (the Azure task doesn't always work there).

Build the Project Twice to Validate Syntax for Both Platforms

Rather than relying on deploy-time compatibility settings, another option is to build the project separately for each target platform. This adds additional time and complexity to the pipeline, but is technically safer as a completed build won’t error out mid-deploy because the SQL project build validations check its compatibility with the target platform. This way, you catch platform-specific syntax issues before deployment.

You can do this by specifying a different DSP (Database Schema Provider, aka target platform) at build time:

- task: MSBuild@1
  inputs:
    solution: '**/*.sqlproj'
    msbuildArgs: '/p:DSP=Sql150DatabaseSchemaProvider' # For SQL Server 2019

You don’t need to specify a DSP property for the build step that matches the target platform in the SQL project file, this is only for temporarily overriding it at build time. All of the DSP values can be found in the SQL projects documentation - https://learn.microsoft.com/en-us/sql/tools/sql-database-projects/concepts/target-platform?view=sql-server-ver16&pivots=sq1-command-line

A quick plug for other pipeline fundamentals

1. The pipeline has to have network access to the database. One benefit of the SqlAzureDacpacDeployment task is that it can temporarily add/remove a firewall rule for Azure SQL Database, but you may end up deploying through a self-hosted agent within your private network.

2. Archive (publish) your DACPAC files, since they’re build artifacts and you may want to retrieve them at a later date.

A few basics

There are a few instances where you want to run SQL Server on macOS and interact with it from a windows VM. As someone that works within the world of SQL Server/Azure SQL, the use of SQL Server Management Studio (SSMS) comes to mind immediately - for the tasks you can't complete in Azure Data Studio on macOS directly. Another adjacent (and generally unfortunate scenario) is when work with .NET Framework is required, and for that, you need Windows. This article will step through the network information needed to connect from a Windows VM on macOS to a SQL Server container.

VM networking

Shared networking is the recommended (and default) network setting in Parallels. In this network layout, your macOS machine is automatically sharing its network connection with the VM and this is usually sufficient for VM use. The other insight we need to connect between macOS and the Windows VM is knowledge of the virtual subnet (network) between the macOS host and the VM.

The fastest way I've found to get my network info for the VM is within the VM itself, using ipconfig from Windows terminal. From its output, I note the VM's IP address and its gateway address. On my machine, the VM has the address 10.211.55.3 and the gateway is 10.211.55.1.

Conceptually, our macOS machine is playing 2 roles in the VM network - both the gateway and as a participant in the network. The SQL Server container running on our macOS host is available to the Windows VM at the IP address assigned to our host as a participant in the network.

Since the gateway address is x.x.x.1 and the VM is assigned x.x.x.3, I'm going to make an educated guess that my host machine is available at x.x.x.2. All that IP address information I gathered by running ipconfig from the Windows VM.

Test the connection

Using any SQL client application on the Windows VM will allow me to test the connectivity to the SQL container. This moment is a good one to fire up SSMS in the VM. I'll use the address 10.211.55.2 as my SQL server address.

If you encounter difficulties gaining connectivity, you may need to adjust firewall settings in macOS. If your firewall is enabled, use the Options button to allow specific connections.

Recap

While there's a lot of the development process that you can accomplish from just about any machine, there are still some specific instances where you need that Windows VM. With the default shared network setting, your macOS host has an address assigned to it that you can determine and use to connect from the Windows VM to a container running on macOS. In the setup on my machine, the Windows VM was assigned 10.211.55.3 and the macOS host (and SQL Server container) was available at 10.211.55.2.

When building applications on Azure SQL, one of the most flexible ways to send data from your database to other systems is to use Azure Functions. Azure Functions are serverless functions that can be triggered by a variety of events, including HTTP requests, timers, and Azure SQL Database changes. In this article, we will discuss how to send data from an Azure SQL Database to an FTP server and API endpoints using Azure Functions. The complete sample code for this article is available on GitHub.

This post is syndicated from https://devblogs.microsoft.com/azure-sql/using-python-and-azure-functions-to-send-data-from-azure-sql-database/

Get data from Azure SQL Database in Azure Functions

With Azure SQL bindings for Azure Functions we can easily retrieve data from an Azure SQL Database in an Azure Function, leaving the boilerplate code of connecting to the database and executing queries to the Azure Functions runtime. When our solution needs to operate on a schedule, such as every morning, we can use the timer trigger to start the Azure Function. Python Azure Functions are composed of a function.json file and an __init__.py file. The function.json file is where we define the function trigger and input/output bindings and the Python code is based in the __init__.py file. Querying Azure SQL Database with an Azure Function is as simple as adding an input binding to the function.json file:

{
    "name": "products",
    "type": "sql",
    "direction": "in",
    "commandText": "SELECT [ProductID],[Name],[ProductModel],[Description] FROM [SalesLT].[vProductAndDescription]",
    "commandType": "Text",
    "connectionStringSetting": "SqlConnectionString"
}

Once we have the input binding defined, we can use the parameter products in our function code to access the data returned by the query. The products parameter is a list of SqlRow objects, which are similar to Python dictionaries.

The Azure SQL input bindings for Azure Functions can run any SQL query, including stored procedures. The commandText property is where we define the SQL query to run. In the example above, we're selecting four columns from the view SalesLT.vProductAndDescription. The connectionStringSetting property is where we define the name of the app setting that contains the connection string to the Azure SQL Database. Additional examples are available which show using additional features, including parameters and executing SQL stored procedures.

Throughout the sample we have several values in the Azure Functions application settings, including the Azure SQL connection string, the API endpoint URL, and the FTP server login information. Keeping this sort of sensitive information out of code is a best practice that you’ll want to follow.

Sending data to an API endpoint

To send data to an API endpoint, we will use the requests library for it's simplicity and the built-in json library. With the requests library, we can easily send a POST request to an API endpoint with the data we want to send. The SQL input binding sends data as a list of SqlRow objects, which are similar to Python dictionaries. We can use the json library to serialize the data into a JSON string, which is the format that most APIs expect.

def main(everyDayAt5AM: func.TimerRequest, products: func.SqlRowList) -> None:
    logging.info('Python timer trigger function started')
    # convert the SQL data to JSON in memory
    rows = list(map(lambda r: json.loads(r.to_json()), products))

    # get the API endpoint from app settings
    api_url = os.environ['API_URL']

    # send the data to the API
    response = requests.post(api_url, json=rows)
    # check for 2xx status code
    if response.status_code // 100 != 2:
        logging.error(f"API response: {response.status_code} {response.reason}")
    else:
        logging.info(f"API response: {response.status_code} {response.reason}")

In our Azure Function we check the API response status code to make sure the request was successful. If the status code is not in the 2xx range, we log an error. If the status code is in the 2xx range, we log a success message. By logging an error, we can monitor the Azure Functions logs to see if there are any issues with calling the API endpoint.

That’s it! Those ~10 lines of Python are all we need to run a query against our Azure SQL Database and send that data to the endpoint we set in the Azure Functions app settings.

Sending data to an FTP server

While we formatted the data as JSON to send to an API endpoint, we may want to send our data to an FTP server as a CSV file. By using a package like pandas, we can quickly convert the data to a comma-separated format.

def main(everyDayAt5AM: func.TimerRequest, products: func.SqlRowList) -> func.HttpResponse:
    logging.info('Python HTTP trigger function processed a request.')
    filename = "products.txt"
    filesize = 0

    # convert the SQL data to comma separated text
    product_list = pandas.DataFrame(products)
    product_csv = product_list.to_csv(index=False)

Python has a built-in library, ftplib, that can interact with FTP servers. After retrieving the FTP server information from the app settings, we can connect to the FTP server and upload the data. Instead of writing the data to a local file before uploading to the FTP server, we can use the BytesIO class to handle the binary data to memory.

    datatosend = io.BytesIO(product_csv.encode('utf-8'))

    # get FTP connection details from app settings
    FTP_HOST = os.environ['FTP_HOST']
    FTP_USER = os.environ['FTP_USER']
    FTP_PASS = os.environ['FTP_PASS']

    # connect to the FTP server
    try:
        with ftplib.FTP(FTP_HOST, FTP_USER, FTP_PASS, encoding="utf-8") as ftp:
            logging.info(ftp.getwelcome())
            # use FTP's STOR command to upload the data
            ftp.storbinary(f"STOR {filename}", datatosend)
            filesize = ftp.size(filename)
            ftp.quit()
    except Exception as e:
        logging.error(e)

    logging.info(f"File {filename} uploaded to FTP server. Size: {filesize} bytes")

Wrapping up

With Azure Functions we have a low-overhead and flexible way to build application components and the Azure SQL bindings make it easy to retrieve data from Azure SQL Database. In this article, we took a brief look at an approach to sending data from an Azure SQL Database to an FTP server and API endpoints with Python in Azure Functions. If you'd like to dive into this sample further, the code is available on GitHub.

In five years, the program has received over 25,000 applications and enrolled more than 10,000 students (including those who have graduated), all working their way toward the same Georgia Tech M.S. in Computer Science as their on-campus counterparts. - https://omscs.gatech.edu/explore-oms-cs

Despite the use of online communities, legions of teaching assistants, and other techniques to expand the reach of a traditional masters of science program to thousands of students, there are still opportunities for students to be deeply engaged with university resources. One of these categories of opportunities is research and independent projects, which I was fortunate to experience in three ways during my time in the program.

Education Technology Foundations (CS6460)

Previous review comments here.

I'm starting with the EdTech course because the barrier to entry is low and the pathway to success is well guided. Registration for EdTech (CS6460) is open to OMSCS students without additional forms and even if you don't have a project in mind before the course, the first few weeks of the course involve exploration of academic literature on the intersection of education and technology. If you do have a project in mind, the first part of the course will help you focus and refine your idea to best fit the remainder of the course.

To be specific about your success in this course, you will agree on an outcome with a TA/mentor along with a planned approach when you decide on your topic. Along the way, adjustments can be made so its in your best interest to be honest with your mentor about challenges you are having or unforeseen barriers. In many cases your mentor will have experience in or adjacent to the area you're working on and can provide helpful suggestions. Much of this is similar to working with a PI (principal investigator) in a research group except the EdTech course takes a more structured approach to the project plan than most research groups.

After EdTech, you can optionally take your project further through a few avenues:

• participate in the student showcase, which is an online forum format of student presentations at the end of each semester

• continue working on the project independently, which is especially applicable if you are building an open source component

• approach a professor working in a related area and inquire if they're willing to mentor you for continued work through CS8903 (see below), a number of EdTech projects will fall in Dr. Joyner's areas of interest

In my opinion, unless you do 2-3x more work during the EdTech course than is required for the course, you are unlikely to have a project ready for publication in academic journals at the end of this class. However, if you continue the project past the course you may be on the way to publication. Regardless, EdTech can be a tremendously rewarding adventure into working on an individual or team project focused on an area of your interest.

Vertically Integrated Projects (VIP)

Previous review comments here.

OMSCS students are eligible to apply for VIP teams, an email is usually sent once a semester to remind students but you can begin investigating options at any time. Applications are open around the time of phase 1 registration, so you need to be thinking ahead if at all possible.

My suggestion for participating in VIP is to not only complete the application to a team, but if you have related experience (professional or academic) or compelling interest in specific topic that you also communicate with the professor leading the team via email. Do enough background research into the work the team is doing to have engaging questions.

An important component of VIP is the team component. There is a high likelihood that you will be collaborating with other students, undergraduate and/or graduate students. This makes VIP an excellent opportunity to learn from others but also to be a leader and help other students. OMSCS students can be highly desireable to VIP teams because we come to Georgia Tech with diverse backgrounds and experiences, exactly the kind of innovation that vertically integrated projects are seeking.

My experience with VIP involved relating previous undergraduate and graduate research to the VIP project components, as well as areas I'm interested in learning more about. The VIP team I joined had a branch that required some development experience that I was able to work on where my previous experience was helpful in gaining context quickly and getting started.

Special Projects (CS8903)

Previous review comments here.

Special projects does not change your OMSCS degree pathway from being coursework based, but it does create a significant opportunity to do research for credit (3 or 9 credits) that can be part of your coursework credits. These are credits that count towards your "free electives", no matter what your specialization is. These statements are made based on the current content of https://omscs.gatech.edu/program-info/specializations, you will check with your academic advisor before pursuing.

Understanding academic research

Academic faculty are highly motivated to conduct research, where there success is measured mostly by their publications but also by the success of their team (postdocs, graduate students, and extraordinary undergrads). The phrase "publish or perish" is invoked as a reminder that research must go on. This is not to suggest that all academic faculty aren't interested in your success as a student, but it's really important to understand some of these dynamics if you want to successfully participate in academic research. First off - I'll define your success as an OMSCS student in CS8903:

1. Making forward and novel progress on a project of sufficient difficulty that it makes for engaging conversation with people on a deep technical level

2. Completing agreed upon checkpoints to complete the CS8903 credit hours. If you were a full time research student, you would be trying to meet expectations to continue your "employment" in the group

3. Optionally, your work is published or included in a publication by the research group

Research groups are generally structured horizontally into subgroups of people around projects under the PI (principal investigator, or faculty member). A research group around a PI can contain post-doctoral researchers (postdocs), graduate/PhD students, and undergraduate students. In larger groups, the more senior folks (postdocs) can take on a good deal of mentorship of student researchers. Newer faculty members will have smaller groups that are often more tight-knit in both the vertical and horizontal direction.

Getting Started with CS8903

The process for starting CS8903 is a bit more involved than the previous options, but the possibilities are nearly endless! There are over 100 academic faculty in GT Computing and all of their research areas are potential content for your work for CS8903. To enroll in CS8903 and work on a faculty member's research project, you will need to:

1. Educate yourself on their current work, including publications and opportunities for more advancement in that area. You may want to familiarize yourself with the GT Library to get access to some of the content.

2. Reach out (via email) to introduce yourself and/or complete any research interest forms they have linked on their website (not all faculty have these). Similarly to the introduction email I recommend for VIP (although now required), you're trying to make a good impression - you're smart, inquisitive, hard working, etc.

3. Ask the professor if they're willing to supervise you for CS8903 where you'd work on their project {fill in the blank here} based on your interest/experience/knowledge/unique charm. It's ideal to have a virtual meeting with the professor mid-semester to discuss their work and brainstorm what you might work on. Look at the CS8903 permit form before this meeting.

4. If the professor agrees, complete and submit the CS8903 permit form, including a statement of research.

5. Register for CS8903 during registration and setup regularly meetings with your advisor. If their research group does virtual or hybrid meetings, you may want to join those.

The statement of research should be two or three pages and should include the following:

• Problem Statement or Project Goals

• Solution Proposal or Approach

• Schedule of Work

• Expected Results or Outcome (Deliverables)

School of Computer Science Special Problems (CS 8903) Permit Form, https://www.cc.gatech.edu/graduate-forms-procedures

I got started with CS8903 by digging further into the "Databases" area of research and looking through all the faculty at Georgia Tech I could find that work with databases. Prof. Arulraj is involved in a few projects, some newer and others carrying over from their original PhD work. Their research group is relatively small - which is a pro or con depending on a number of other factors. One of those projects was of significant interest to me, so I read no fewer than 10 papers of theirs or referenced by them before reaching out to ask about future opportunities.

Summary

This article isn't necessarily exhaustive and there may be other ways to conduct research in OMSCS, including reaching out to a professor similarly to as would be done for CS8903 but instead of under the premise of you doing research work "for free". As the OMSCS program evolves over time, additional opportunities may become available for students. In my experience, all three of VIP, EdTech, and CS8903 options were readily available to customize the work done for OMSCS to fit my area of interest. Know your strengths and don't be afraid to explore!

I received the decision notification email while driving from Missouri back home to Minnesota. It was unpleasantly cold and windy at a gas station in Iowa as I navigated the applicant portal from my iPhone. Also relatively unpleasant was the news that I had not been accepted to OMSCS.

In December 2022 (this month), I graduated from OMSCS. In this post I'm going to talk just a bit about what I did between being rejected in 2015 and being admitted to OMSCS as well as review some pieces of OMSCS.

Pre-OMSCS

I'm not going to speculate about the differences in my applications and the applicant pools between 2015 and 2020, but I do want to talk about how I was a different person going into OMSCS because of the additional experiences I did have in that time.

• I developed a few skills for Amazon's Echo/Alexa devices, and as a part of it started thinking more developer experiences and platform integration. I even took a day off once to go to an Alexa Dev event in Minneapolis "for fun".

• I got involved in professional organizations around the systems I used at work (SQL Server, Dynamics SL). With SQL Server I was able to get back to speaking/teaching and learned a whole lot from the great folks involved with SQL Saturday MN (PASSMN). With Dynamics SL I was able to learn more about the depths of the product in organizing content for conferences and eventually served on the Board of Directors.

• I took a few certification exams to solidify and validate technical knowledge.

• I completed two professional certificate programs through Coursera focused on product management and business strategy.

• I created a few extensions for Azure Data Studio.

To be honest, I wasn't planning to re-apply for OMSCS. It was in early 2020 when I was looking to apply for new roles (landing in SQL experiences at Microsoft) that I decided to go after OMSCS again. I figured if one avenue didn't work out, maybe the other would.

OMSCS Review

I worked on the "Computing Systems" specialization and over 2.5 years completed the requirements for matriculation (2020-2022). COVID-19 restrictions were in full force during the early semesters - which had its benefits at times - but we had just moved to Washington and I had just started a new job. In later semesters all 3 of our dogs passed away. There are some colleges that have hybrid or online MS CS programs that still have significant synchronous or on-campus components, but Georgia Tech's OMSCS is fully-centered in the online campus.

Despite all the daily stresses and life events happening during OMSCS, my key to success was repeatedly setting aside everything else to focus on course content for hours every week. For some classes this might be in the range of 10 hours, for others it was 20+ hours. Given the demands of life, I am incredibly fortunate to have a supportive spouse who made a number of sacrifices over that span.

There are some realities of a graduate program that can be jarring to the student, especially if they're expecting more of a bachelors degree:

• the pace at which material is covered requires individual learning - know how you learn topics

• the topics/subjects are provided, but the materials that you need to master it may not be explicitly provided - know how to look for books, papers, videos

• the background of each student varies widely and some folks grasp topics faster than others - know how to leverage study groups or ask peers for advice

Courses

Fall 2020

The common advice for the first semester is to take only a single class to allow you to adjust to graduate school and avoid becoming overwhelmed. I didn't listen and added the VIP project course, but I also didn't really read course reviews yet either.

Vertically Integrated Project (Big Data and Quantum Mechanics):

⭐️⭐️⭐️⭐️_ (4/5 stars)

The Vertically Integrated Projects (VIP) program is a cross-functional research initiative at Georgia Tech where bachelors and masters students can contribute to larger projects alongside faculty and PhD students, where the increased innovation benefits the multidisciplinary projects and students earn course credit for their work. As a student, team assignment is a selective process, but for OMSCS students there are a good number of teams that are seeking CS expertise for their projects. I applied to the the Medford group to work on their visualization software for ML-assisted DFT (ElectroLens). The team was an ideal fit due to my original MS in chemistry where my thesis leveraged DFT and ElectroLens is based in Electron/JavaScript. I can't recommend VIP highly enough, whether you have previous research experience or are looking for more guidance - you get great exposure to academic research through this program.

Database Systems Concepts and Design (CS6400):

⭐️____ (1/5 stars)

This course moved fairly slowly through entity-relationship diagrams, relational algebra/calculus, and report writing for a LAMP stack application. The preface for the textbook used literally recommends the chapters covered by this class for an introductory undergraduate course. I was sorely disappointed at the lack of coverage for index structures, query processing, transactions, or security (all included in the textbook for use at the graduate level). Frankly, I was so unimpressed with the databases course that if I hadn't also done VIP that first semester I would have been tempted to stop the program and focus on promotions at work. I was concerned that every course would have such low quality of content. I didn't find this to be true, and am glad I continued on to better courses.

• group project (you can get team members who do nothing)

• rudimentary content all the way through

• terribly worded exam questions

Spring 2021

After carefully reading course reviews, I paired an easier course (Computer Networks) with a more time-consuming course (Intro to OS), both well-rated.

Computer Networks (CS6250):

⭐️⭐️⭐️⭐️_ (4/5 stars)

My systems administration background served me well in this class, which had a nice balance between exams/quizzes/projects. The content looked at how some networking fundamentals work behind the scenes and the projects were often Python implementations of algorithms. Extra kudos to the instructional design for this class such that students could collaborate on creating test cases and/or unit test frameworks for the projects, which created additional learning opportunities.

• easy-to-moderate assignments

• content chopped up into bite-size segments

Graduate Intro to OS (CS6200):

⭐️⭐️⭐️⭐️⭐️ (5/5 stars)

This course is legendary for its content, project time commitment, and instruction. The depth and pacing of the topics is not overwhelming, but studying for the exams with flash cards was necessary to make sure I was picking up the material sufficiently. On top of preparing for exams with the course videos and reading, this course's projects (3 of them) are each about a 40 hour commitment (varying based on your experience with C, debugging, and acclimating to an existing codebase). I had at least 1 near-breakdown with each project, often at late hours of the night, as my brain stretched to grasp problem space and properly allocate memory. If I had to pick a favorite class from the program - this would have been it. After completing the course I wanted to take advanced operating systems but ultimately didn't fit it in.

• 2 moderate difficulty exams that aren't too highly weighted

• 3 difficult assignments with clear connection to course material

Summer 2021

Some students opt to have the summer free from school and don't take a class, especially since it's an abbreviated semester. I opted for enrolling in classes that didn't have enormous workloads during the summers.

Software Arch & Design (CS6310):

⭐️⭐️___ (2/5 stars)

While this course was full of busy work through in-module quizzes, it also offered a lot of supplementary/required readings. The most notorious is likely the Gang of Four design patterns, but there many others including some solid nods to Uncle Bob. The course had about as many assignments on how to communicate the software architecture through UML/OCL as designing the architecture, which is valuable but there's a depth of architecture design content available that is interesting to check out. The bulk of the grade for this course came from project assignments, which culminated in a group project component. Similarly to the first semester group project, there was a group member who ultimately shouldn't have received any points because despite multiple people trying to bring them up to speed they were unable to build the project code much less contribute. As long as your group only has 1 or 2 people in this category (out of 4 or 5), you'll be able to pull through and complete the work, but it is a risk. I'm a huge supporter of the program's high acceptance rate but I propose that it is reasonable that a subset of courses are approved for first-semester students that have only individual work to bottleneck students who need to ramp up.

• most valuable course content is in supplemental material

• group project

• "easy course" - highest grade in the program

Fall 2021

Individually both of these courses are notable for content and instructional style, but they additionally share a significant amount of academic paper reading and writing. To spare myself the context switching, I paired the courses up for a semester where I could stay in the mindset of interaction design and writing.

Human-Computer Interaction (CS6750):

⭐️⭐️⭐️⭐️⭐️ (5/5 stars)

HCI is a "Dr. Joyner course" with 2 aligning sets of papers focused on the principles learned and applying those as methods towards a project idea. There's a good amount of engaging reading, and it certainly helps that I'm interested in the topic. I still some of those resources from time to time for work as a PM. As tempting as it was to use one of the SQL tools for the project, I ended up proposing improvement to the GPS navigation component of Apple CarPlay, and had a little fun along the way with user surveys and scraping product review APIs.

Education Technology Foundations (CS6460):

⭐️⭐️⭐️⭐️_ (4/5 stars)

EdTech is another "Dr. Joyner course" and is similarly structured to HCI but with a much larger independent project component. You are given a general direction to investigate a gap in education where technology plays a role, and can conduct empirical research or implement improvements. My focus area, to no one's surprise, was database systems. After scrubbing the literature on higher education for database systems, one of the chasms that forms is automated grading infrastructure for database assignments. I took a swing at the issue with SQLGrader, designed to scale to courses such as the databases course I took in the first semester.

{{< figure src="https://robertdroptablestudents.github.io/assets/diagrams/arch.png" title="SQLGrader architecture overview" >}}

I can't say I continued working on SQLGrader despite there being many opportunities to improve it, as I had also started a project proposal for the next semester.

Spring 2022

Special Problems (CS8903):

I was very fortunate that Prof. Joy Arulraj was receptive to my inquiry and project proposal, which took tiny step forward with his SQLCheck tool for identifying antipatterns in SQL code. The second version of it was fresh off of feature in VLDB. The work I did was spit into 2 categories - the first was minor/quick improvements to the original (open source) SQLCheck and the second was to establish forward motion on the second generation of SQLCheck. This involved updating dependencies, hardening the container images with a few best practices, and establishing patterns for sharing compute resources with other projects in the DB research group (egress networks, SSL configuration, etc). The Special Problems course is designed to mix a thesis-driven Masters degree with a coursework-driven Masters degree such that the learner can dip their toes in or immerse further in a research area. I won't give this a star rating because it is a phenomenal option for OMSCS students and Dr. Arulraj was a fantastic mentor, but I know my mental state was rapidly declining during 2022 and had I been engaged on this at a different time would have wished I got more out of it.

I was very worn out from the program at this point and on top of it 2 of our dogs passed away during the spring semester. I'm very glad that I stepped back to taking 1 class at a time to avert total meltdown and to afford more time to spend with Ellie and Louie during their final days.

Summer 2022

Software Analysis and Testing (CS6340):

⭐️⭐️⭐️__ (3/5 stars)

The Software Analysis course covered automated testing/analysis concepts, for example looking at how compilers can detect issues like uninitialized variables in code. Many of the topics were applicable to the security of software (eg fuzz testing) but there's a strong link to the importance of the tools that are used as software is written (or compiled). A good portion of the assignments/labs were leveraging LLVM C++ APIs, however an attempt was made to use TypeScript/JavaScript in a lab to demonstrate type-checking and delta debugging was explored in Java. No complaints about the variety of languages, only complaint was that the course seemed like it attempted to hard to be "light" with short assignments and only a single exam. It's not an exaggeration that a handful of the assignments were less than 60 minutes of work. This course could be significantly improved with more investment into the course assessments. Ok course and on the edge of being a good course.

• easy-to-moderate assignments, most of the difficulties coming from lab requiring an older version of LLVM

• content chopped up into bite-size segments

Machine Learning and Data Science Tooling Seminar (CS8001):

The seminar concept was introduced just in 2022 and I was thrilled! These offerings are 1-credit hour options to interact with others and work through a breadth of light material on a topic, ideal for semesters where you have just a little extra time expected but not enough for a full course. I very much recommend trying out even just 1 during OMSCS.

Fall 2022

Introduction to Graduate Algorithms (CS6515):

⭐️⭐️⭐️⭐️_ (4/5 stars)

I'm torn on the rating for Intro to Graduate Algorithms because it is a good course (4 stars) but it is a graduation requirement and structured differently than most other courses in the program, leading to unnecessary stress for the ~850 students each semester as they scratch and claw their way out (2 stars). The downfall of Georgia Tech's popularity is that this course bottlenecks at the end of the program and is all but impossible to register for until your last 1, maybe 2 semesters. A number of students take it more than 1 time to receive a passing grade and I understand that there's no real incentive to have students take this course earlier when they might quit the program instead of toughing it out in this course. It very much reminded me of teaching science for ITT Technical Institute to first-semester students and how the dean of students would come remind me, frequently, that I was grading too harshly and reducing the enrollment numbers for later courses. Many other courses that were difficult to enroll in now have a reduced bottleneck so I hold out hope that in a few more years, graduate algorithms won't be the last class every student takes.

This course is notoriously difficult, almost a self-perpetuating cycle at this point, since a good portion of the difficulty comes from our responses to stress and inability to think under pressure. If you, like many other students in the program, are far removed from your last formal discussion of algorithms, learning how to even answer homework and exam questions will be difficult. That's ok, you can handle that. You're going to need to do a lot of practice problems anyway (dynamic programming, graph algorithms, divide and conquer, linear programming) to really grasp the material, and you're going to do them until you don't need your notes or any prompts to work out the answer completely. This class isn't a leetcode prep course, and although it does introduce some concepts that can be helpful in that prep you will write < 200 lines of code for the class. Office hours (mini lectures) are provided weekly, which you can go to live or watch the recording. Study groups are recommended, and hopefully you are unafraid to leave/join study groups until you find one that works well for you. In your study group you should be able to ask questions and work through problems while your peers provide feedback (criticism, reinforcement, etc). When all is said and done, this class has three exams that are each 25% of your grade. The final exam is only an opportunity to replace one of those exam scores if you'd like to improve the grade you're at, an opportunity I've heard isn't available during the summer. I was sitting in the B range before the final exam and was quite happy to not need to take it.

Research

If you made it through my course reviews, you probably noted that I had a few opportunities to do research.

• VIP

• Education Technology

• Special Problems

Despite being a fully-online in both coursework and community program, Georgia Tech manages to offer multiple avenues for OMSCS students to do research - which is phenomenal. Whatever your aspirations are following OMSCS, there's an opportunity to dive deeper into a subject that interests you if you're ready to work independently.

Cost

• Fall 2020: $1,381

• Spring 2021: $1,381

• Summer 2021: $841

• Fall 2021: $1,381

• Spring 2022: $841

• Summer 2022: $1,021 (increased due to seminar enrollment)

• Fall 2022: $647 (decreased for all OMSCS students with removal of institutional fee)

Total: $7,493

(One of my employer's benefits is a generous amount of tuition reimbursement, which I used to cover the cost of OMSCS.)

Summary

I'm proud of having completed OMSCS and I'm really grateful for all the learning opportunities I had as a part of the process. I don't have the same aspirations as I did during my first application to the program but I do know that even while in the program the knowledge I was picking up was immediately applicable to my work, to which I'll credit some of my growth at work to OMSCS. It was a tough program and offers a lot of options for students to create their path that benefits them the most.

Sometimes people would ask me "what's it like working and doing school part time?" or "I've been thinking about doing a masters, how is it?" - to which my response is usually:

It's really awful and painful, but I love it.

Thanks OMSCS, I loved it.

Overview

The application of RLS to PowerBI in an embedded scenario requires a 2-part change from the vanilla embed scenario. With the goal of embedding a report with row level security enforced, we must make changes to the embed token generation as well as to the report in PowerBI desktop.

Obtaining a User/Role-Specific Embed Token

We're going to start from the .NET Core example (previous post) for generating an embed token. At line 61 we adjust the GenerateTokenRequest function to take in a new parameter, an EffectiveIdentity. Our GenerateTokenRequest goes from:

var generateTokenRequestParameters = new GenerateTokenRequest(accessLevel: "view");

to:

var generateTokenRequestParameters = new GenerateTokenRequest(
    "View", // access level
    null, 
    identities: new List<EffectiveIdentity> { new EffectiveIdentity(
        username: "PutTheUserNameHere", 
        roles: new List<string> { "RoleNameHereThisIsDefinedPerReport"}, 
        datasets: new List<string> { report.DatasetId }
    )}
);

If your code (like the sample) does not already include list structures, you will need to add a reference to System.Collections.Generic with this adjustment. Other necessary changes to your code include likely input parameters for the userID of the runtime user, potentially the role(s) as well.

Preparing a Report for Row Level Security in PowerBI Desktop

Without diving too far into the structure of your data, we’re going to play with a sample model so simple that it is a single table. This model fulfills the most important constraint for row level security – a field that can be used in a DAX expression to validate access by user or by role – in this case by including a single column for the user’s identifier.

Back in the PowerBI report designer view under the Modeling tab, we find an option for Manage Roles. We are creating a single role called “Users” and it filters the single table in our dataset with the expression [USERID] = username(), that is the column USERID must equal the username.

Note! When you view the report in PowerBI desktop and a role is not applied to your user, RLS is not enforced. The view-as functionality can be useful to apply the RLS of a specific role. In the example below, no rows match the username ‘DSK-LAPTOP\drewk’ when the role ‘Users’ is applied.

Tip! Want to know what username is being used at report runtime? Add a measure to your dataset for RUNTIMEUSERID = username() and add the measure to a card visual.

The Resulting Row Level Security

A GUID-style username is passed to the report at runtime along with the role name ‘Users’, matching a subset of the rows. The resulting dataset and report embed token have RLS enforced, displaying only 57 of the total 114 rows.

References

• https://docs.microsoft.com/en-us/power-bi/developer/embedded-row-level-security#applying-user-and-role-to-an-embed-token

• https://docs.microsoft.com/en-us/power-bi/service-admin-rls#using-the-username-or-userprincipalname-dax-function

• https://docs.microsoft.com/en-us/dotnet/api/microsoft.powerbi.api.v2.models.effectiveidentity?view=azure-dotnet

• https://docs.microsoft.com/en-us/dotnet/api/microsoft.powerbi.api.v2.models.report?view=azure-dotnet

• https://docs.microsoft.com/en-us/power-bi/service-admin-rls

Previously, PowerBI embedded in the “app owns data” architecture required the use of a master username/password combination when retrieving an embed token. Fortunately – a service principal can replace a master account in v2 workspaces and provides a pathway to a superior authentication implementation for “app owns data” scenarios.

Generate an Embed Token for Service Principal Authentication

The PowerBI JavaScript API for embedding reports/dashboards requires an embed token and report embed URL to be passed for the specific report. We obtain this information within a .Net Core Azure Function – to do so, we need 3 pieces of information:

• PowerBI Workspace Id
• Azure AD app registration – Application (client) Id and Client Secret
• Report Id – can be sent at runtime

Workspace Id Visible in the Browser URL

Previous Architecture and Changes

PowerBI Workspace and Premium Capacity

The established PowerBI workspace needed to be upgraded from v1 to v2, which was nearly trivial and completed in place. If you are starting from scratch – you can create the PowerBI workspace from the PowerBI web interface and a PowerBI premium capacity from the Azure Portal.

Azure Active Directory App Registration

We already have an Azure AD app registered with the necessary permissions for the PowerBI API and will continue to use that same registered application with the addition of the service principal. To do so, we now need to generate a Client Secret in the application.

The client secret, with the client/app id, is used to create the credential to authenticate our service principal with Azure AD.

The ” Application (client) ID” is found on the app registration overview tab. The client secrets are managed under “certificates & secrets.”

Azure AD App – Client Secret

string ADdomain = Environment.GetEnvironmentVariable("ADdomain");
string ClientId =  Environment.GetEnvironmentVariable("AppClientId"); 
string ClientSecret = Environment.GetEnvironmentVariable("AppClientSecret");

After grabbing those values from application settings, they are used with the ADAL.NET to authenticate against Azure AD. I wasn’t ready to jump to version 5 of ADAL.NET, so this example relies on 3.19.8.

var credential = new ClientCredential(ClientId, ClientSecret);

// Authenticate using created credentials
string AuthorityUrl = "https://login.microsoftonline.com/"+ADdomain+"/oauth2/v2.0/authorize";
var authenticationContext = new AuthenticationContext(AuthorityUrl);
var authenticationResult = await authenticationContext.AcquireTokenAsync(ResourceUrl, credential);

Creating a Service Principal

Creating a service principal and associating it with the Azure AD app can be accomplished through the Az Powershell module. It’s worth noting that when you start associating a service principal with an Azure AD app, previous permissions within Azure AD are terminated. This means that your prior integration may break if the permissions weren’t set within the PowerBI admin portal.

The Powershell script below takes your Azure AD app’s Application (Client) Id – as used above – then creates a service principal in that app (line 10), generates credentials for it, creates an Azure AD security group (line 16), and finally adds the service principal to the security group.

import-module Az

# Required to sign in as a tenant admin
Connect-AzAccount

# Create a new AAD web application
$app = Get-AzADApplication -ApplicationId 12345678-1234-1234-1234-123456789012

# Creates a service principal
$sp = New-AzADServicePrincipal -ApplicationId $app.ApplicationId -DisplayName "PowerBI_ServicePrincipal"

# Get the service principal key.
$key = New-AzADSpCredential -ObjectId $sp.ObjectId

# Create an AAD security group
$group = New-AzADGroup -DisplayName "PowerBI_Security" -MailNickName notSet

# Add the service principal to the group
Add-AzADGroupMember -TargetGroupObjectId $($group.ObjectId) -MemberObjectId $($sp.ObjectId)

Once the service principal and enclosing security group is created, you have 2 steps in the PowerBI admin portal to enable the service principal for the workspace:

Enable Service Principals

1. Enable Service Principals in Tenant settings > Developer settings (scroll down) > Allow service principals to use Power BI APIs. For best security practices, limit this to the security group you created above.
2. Add the security group as an admin of the PowerBI workspace – in the PowerBI portal within the workspace, select access in the upper right.

The Azure Function

In our architecture, an Azure Function takes a report Id as a query string for a report that has been published to the workspace. The function outputs the 3 key items necessary for embedding a report via the PowerBI JavaScript library: report Id, report embed URL, and an embed access token.

After the Azure AD authentication of the registered app, as above, the credentials are transformed for use by the PowerBI API. The authInfo object is a template for the return content.

var tokenCredentials = new TokenCredentials(authenticationResult.AccessToken, "Bearer");

// Create a Power BI Client object. It will be used to call Power BI APIs.
using (var client = new PowerBIClient(new Uri(ApiUrl), tokenCredentials))
{
    var report = await client.Reports.GetReportInGroupAsync(GroupId, reportInfo);

    // Generate Embed Token.
    var generateTokenRequestParameters = new GenerateTokenRequest(accessLevel: "view");
    var tokenResponse = await client.Reports.GenerateTokenInGroupAsync(GroupId, report.Id, generateTokenRequestParameters);

    if (tokenResponse == null)
    {
        log.LogInformation("Failed to generate embed token.");
    }

    authInfo.accessToken = (string)tokenResponse.Token;
    authInfo.embedUrl = (string)report.EmbedUrl;
    authInfo.embedReportId = (string)report.Id;
}

The resulting Azure Function can be called by our application to supply the embed token and embed URL for the report. For the full function and the PowerShell script, check out my example repository: powerbi-appownsdata-serviceprincipal

References

• Embed service principal
• Embed sample for customers
• New-AzADSpCredential
• GetReportInGroup
• PowerBI Developer Samples